easyuninstallpro.exe

Easy Uninstall Pro

Probit Software LTD

The application easyuninstallpro.exe by Probit Software has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application built with the Inno Setup installer. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been observed being downloaded from www.easyuninstallpro.com.
Publisher:
Probit Software LTD   (signed by Probit Software LTD)

Product:
Easy Uninstall Pro

Version:
6.07

MD5:
e50a483143222b7a391e9f2d64f23898

SHA-1:
9c121bc004b686d30e05cb798abb8c029d05956f

SHA-256:
84098623f07953674f9d02c707123e28a8d25f17f36630d0b2230c86d70b55f1

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/24/2024 1:43:25 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Toolbar.Babylon.AB | 8.10689
Reason Heuristics | PUP.Optional.ProbitSoftware.Q | 14.12.14.11

File size:
1.2 MB (1,272,440 bytes)

Product version:
6.07

Copyright:
Probit Software LTD

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\easyuninstallpro.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/12/2011 10:30:00 AM

Valid to:
10/15/2012 10:29:59 AM

Subject:
CN=Probit Software LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Probit Software LTD, L=Netanya, S=Sharon, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
50D13765F88DE6E6FA0A341B4A040E8A

File PE Metadata
Compilation timestamp:
6/20/1992 7:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:lnaHJ8DdT9uRw2jpN6r3fvz/AktCNzGga7uFO+/bRYlzq4xQBCZc4:lapkTj2jp0fL/Akt8GHaOmalz1c4

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Entropy:
7.9902

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file easyuninstallpro.exe has been seen being distributed by the following URL.
